S3 Replication with KMS

After much research, I have realized that there isn't really a concise, straight-to-the-point guide on designing replication in S3, using SSE-KMS, and cross-account ownership. So, a quick guide on what has worked for me:

In your ORIGIN ACCOUNT:
Create origin Bucket
Create origin IAM role
Create origin IAM Policy
Create origin KMS key
Set up origin …

Multiple KMS Principals in Terraform

CORRECTION: You can actually implement policies through the normal procedure, example below:

    principals {
      type        = "AWS"
      identifiers = ["ARN", "ARN"]
    }

However, you must verify that your Roles are already created! Otherwise you will get what appears to be a generic failure. It was just a coincidence for me that I deployed …

COVID19 Threat Sharing Group

Recently I joined a COVID19 threat sharing group. It is pretty amazing watching the data analysis and community-driven response to the pandemic. One of the biggest contributions the community has made is publishing an easy-to-access blacklist: https://blocklist.cyberthreatcoalition.org/vetted/

At the time of this writing the domain and URL categories are very fleshed out, and each …

Initial Security Onion Problems

I have been working on implementing Security Onion in a production environment. The two major problems that have given me headaches so far are storage on the sensor nodes and internal networking.

Networking Problem

Security Onion uses Docker to create and manage different aspects of itself. Below is a good image of the different containers …

Threat Emulation – Tune Tune Tune

Today's compliance environment requires more and more monitoring to be put in place, which is awesome! More logs, more samples, more alerts! However, just implementing and monitoring a SIEM or other log/alerting solution is not really going to ensure you're seeing what you need to see. Instead you might want to consider a bit of …

Network Flight Simulator

I have been looking for training mechanisms lately for the team. Luckily, it looks like folks have already been trying to find the same, because this handy repository was already built.

Adversary Emulation

APTSimulator - Windows Batch script that uses a set of tools and output files to make a system look as if it was …